• Title/Summary/Keyword: Attack Mitigation

Search Result 52, Processing Time 0.016 seconds

Design of a Security System to Defeat Abnormal IPSec Traffic in IPv6 Networks (IPv6 환경에서 비정상 IPSec 트래픽 대응 보안 시스템 설계)

  • Kim Ka-Eul;Ko Kwang-Sun;Gyeong Gye-Hyeon;Kang Seong-Goo;Eom Young-Ik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.4
    • /
    • pp.127-138
    • /
    • 2006
  • The IPSec is a basic security mechanism of the IPv6 protocol, which can guarantee an integrity and confidentiality of data that transmit between two corresponding hosts. Also, both data and communication subjects can be authenticated using the IPSec mechanism. However, it is difficult that the IPSec mechanism protects major important network from attacks which transmit mass abnormal IPSec traffic in session-configuration or communication phases. In this paper, we present a design of the security system that can effectively detect and defeat abnormal IPSec traffic, which is encrypted by the ESP extension header, using the IPSec Session and Configuration table without any decryption. This security system is closely based on a multi-tier attack mitigation mechanism which is based on network bandwidth management and aims to counteract DDoS attacks and DoS effects of worm activity.

A Quantitative Security Metric Based on MITRE ATT&CK for Risk Management (위험 관리를 위한 MITRE ATT&CK 기반의 정량적 보안 지표)

  • Haerin Kim;Seungwoon Lee;Su-Youn Hong
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.1
    • /
    • pp.53-60
    • /
    • 2024
  • Security assessment is an indispensable process for a secure network, and appropriate performance indicators must be present to manage risks. The most widely used quantitative indicator is CVSS. CVSS has a problem that it cannot consider context in terms of subjectivity, complexity of interpretation, and security risks. To compensate for these problems, we propose indicators that itemize and quantify four things: attackers, threats, responses, and assets, taking into account the security context of ISO/IEC 15408 documents. Vulnerabilities discovered through network scanning can be mapped to MITREATT&CK's technology by the connection between weaknesses and attack patterns (CAPEC). We use MITREATT&CK's Groups, Tactic, and Mitigations to produce consistent and intuitive scores. Accordingly, it is expected that security evaluation managers will have a positive impact on strengthening security such as corporate networks by expanding the range of choices among security indicators from various perspectives.